29.3 Security
The Web Services for Remote Portlets (WSRP) standard does not specify any additional security mechanism; therefore, the same security considerations that apply to other kinds of Web services also apply to WSRP.
In the WebSphere Portal implementation of WSRP, the following security options can be configured:
Security using Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a protocol that enables secure message communication between servers and clients over the Internet. In SSL authentication, the server presents its server certificate to the client and, optionally, the client presents its client certificate to the server. The purpose of this certificate exchange is to verify the identity of the server and, optionally, of the client.
Using SSL for WSRP with WebSphere Portal allows authentication of Producer portals, as well as authentication of Consumer portals if Client Certificate Authentication is used. The following scenarios are supported, as shown in Figure 29-17:
1. Producer authentication, using SSL in Producer portals.
2. Producer and Consumer authentication, using SSL with Client Certificate Authentication in Producer and Consumer portals.
3. Consumer authentication for portal users, using SSL.
4. Consumer and portal user authentication (if supported), using SSL with Client Certificate Authentication in Consumer portals and portal users.
Figure 29-17 SSL scenarios for WSRP with WebSphere Portal
Note: For more information about implementing SSL between a producer portal and a consumer portal see the WebSphere Portal InfoCenter at:
http://publib.boulder.ibm.com/infocenter/wp51help
LTPA token authentication
Lightweight Third Party Authentication (LTPA) is an IBM proprietary protocol that uses cryptography to support security in a distributed environment. LTPA allows authentication of the end users using LTPA token forwarding.
When a client authenticates to a Consumer portal using the LTPA authentication mechanism, a unique LTPA token is created for this client and is used for all client requests in that session. This token is stored in a browser cookie to support SSO with other LTPA-enabled application servers, and it contains information about the cookie domain, user information, a digital signature, and the date of expiration. The Consumer portal forwards the client LTPA token to the Producer, which must have the same LTPA keys as the Consumer.
Note: For more information about LTPA configuration for WSRP with WebSphere Portal see the WebSphere Portal InfoCenter at:
http://publib.boulder.ibm.com/infocenter/wp51help
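The token forwarding described above can be modelled in a few lines. This is an added example, not IBM code and not the real LTPA token format: HMAC-SHA256 stands in for the LTPA signature, and the function names, token layout, keys, and the Producer-side checks are assumptions made for illustration.

```python
# Simplified model of LTPA-style token forwarding (NOT the real LTPA format).
# HMAC-SHA256 stands in for the LTPA signature; all names and values are constructed.
import base64, hashlib, hmac, json, time

def _sign(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()

def issue_token(key: bytes, user: str, domain: str, ttl_s: int, now=None) -> str:
    """Consumer side: bind user, cookie domain and expiration under one signature."""
    now = time.time() if now is None else now
    claims = {"user": user, "domain": domain, "exp": int(now) + ttl_s}
    body = json.dumps(claims, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_sign(key, body)).decode()

def validate_token(key: bytes, token: str, expected_domain: str, now=None) -> str:
    """Producer side: return the user name, or raise ValueError with the reason."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Verify the signature before trusting any field; constant-time compare.
    if not hmac.compare_digest(sig, _sign(key, body)):
        raise ValueError("bad signature")
    claims = json.loads(body)
    if claims["exp"] <= now:
        raise ValueError("expired")
    if claims["domain"] != expected_domain:
        raise ValueError("wrong domain")
    return claims["user"]

def rejection_reason(key, token, expected_domain, now=None):
    """Return None if the token is accepted, else the rejection reason."""
    try:
        validate_token(key, token, expected_domain, now)
        return None
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    consumer_key = b"constructed-shared-ltpa-key"   # sample value
    token = issue_token(consumer_key, "alice", ".example.com", 600, now=1000)
    # A Producer holding the same keys accepts the forwarded token ...
    print(rejection_reason(consumer_key, token, ".example.com", now=1200))
    # ... a Producer with different keys cannot verify it.
    print(rejection_reason(b"different-key", token, ".example.com", now=1200))
```

A Producer whose keys differ from the Consumer's rejects every forwarded token, which is why the keys have to match on both portals.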